New regulations protect consumers and the environment from zombie tech 

Major new and upcoming legislation demonstrates that circularity is moving from a voluntary measure to a matter of governmental compliance. New York’s proposed Fashion Act (which would require major apparel companies to map their supply chains, disclose environmental impacts and set binding emissions reduction targets) and California’s Climate Corporate Data Accountability and Climate-Related Financial Risk acts are sure to be followed by more state laws on disclosure and impact reduction. 

Meanwhile, several new tech-focused EU laws emerging over the coming year will focus on software, cloud computing and AI. 

High technology will now be considered the same as physical products — meaning it has an end-of-life consequence. 

That marks a dramatic shift in corporate responsibility. Hardware teams are traditionally tasked with managing physical longevity, material recovery and recycling streams — i.e., circularity. Software teams, meanwhile, have operated in a state of digital abandonment, walking away from products via forced updates or silent sunsets, without tangible consequences. Because the waste produced by software is less visible, it was easy to ignore.

This disconnect is a primary obstacle to true circularity. It creates zombie hardware — perfectly good machines rendered useless because their digital support was pulled. These new regulations attempt to reconstruct this breakage. 

The new pillars

The shift is driven by two specific pillars of legislation designed to protect consumers and the environment from digital wastage.

The Cyber Resilience Act, approved in 2024 and due to take full effect in 2027, enforces a disclosed support period on the product. Companies must now reveal an official sunset date for their products and provide security updates for as long as a product can foreseeably be used, typically a minimum of five years. This effectively ends the practice of silent sunsets where a product loses its functionality overnight.

The Product Liability Directive, which updated and strengthened regulations passed in 1985 and will apply to products that come on the market starting in December, officially classifies software as a product and assigns responsibility to the producer. This carries strict liability for defects for anywhere between 10 and 25 years. Even after a consumer stops using a service, the brand remains legally obligated to ensure the safety and performance of that legacy software or AI. 

These aren’t  just tech laws; they’re longevity laws that hold software to the same accountability standards as hardware.

Change is gonna come 

While the U.S. lacks a federal equivalent to these EU regulations, producer responsibility is tightening globally. Federal directives like Executive Order 14028 and new guidelines from the National Institute of Science & Technology mandate that software producers provide a bill of materials to meet strict security standards that aim to increase transparency and longevity in the federal supply chain. 

At the same time, U.S. courts have started to treat software as a product in liability cases rather than an intangible service. Recent lawsuits involving Tesla Autopilot and medical devices attempt to apply strict product liability to software. 

For sustainability professionals, this means that aligning software support with physical product lifespans is becoming a universal requirement for risk management.

A clear directive

These changes provide a clear directive  for sustainability leaders: Use the legislation to break down internal silos. Software teams now face strict legal liability for 20-year-old code, providing a sudden, shared incentive for product longevity with sustainability teams. 

Your circularity strategy can no longer track only carbon or plastic; it must track digital end-of-support dates as well. Bringing product and software support dates together as a company-led initiative will improve the coherence of your product legacy and reduce climate impacts. Those who get ahead of the coming regulatory shift will avoid penalties and litigation while solidifying revenue and customer loyalty, by placing compliance within the narrative of product longevity. 

Sustainability professionals can work with brand and content teams to ensure that consumers hear a single, coherent message about how the product winds down. Whether the process involves a hardware repair or a software transition, the message should be as clear and supportive as at the initial sale. For example: Cable-box pick-up is handled by the same marketing team that delivered it. Or the resale of your phone is dealt with via packaging similar to the software upgrade branding.

Legislative and judicial threads are converging around consumers’ experiences at the end of products’ lives, with brand- and business-led off-boarding for the user. The alternative is a bumpy ride of compliance missteps, activist blowback and consumer impatience as your business chases global legislation. 

Instead, start with a cohesive brand strategy that asks, “How do we end our customers’ engagement with our products.” Solving that will place companies ahead of legislation rather than playing catch-up.

The good news: Sustainability teams are already working on end-of-product-life experiences. Now it’s time to get the tech team on board.